CVE-2024-29413
Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...
Webasyst Cross-Site Scripting Vulnerability
Webasyst is an open source PHP framework from Webasyst Inc. A cross-site scripting vulnerability exists in Webasyst version v.2.9.9 that could allow a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...
The vulnerability of the Skype for Business Server’s instant messaging program, related to insufficient protection of sensitive data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Skype for Business Server’s instant messaging program is related to insufficient protection of sensitive data due to improper access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2024-0869
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license...
Design/Logic Flaw
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license...
CVE-2024-0869 Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license...
CVE-2024-0869
CVE-2024-0869 – Normal (concrete details available) Affected software: Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels, WordPress plugin (versions up to and including 6.1.0). Root cause: An insufficient validation on the plugin’s instant-images/license REST A...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24...
WordPress plugin Instant Images security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Biteship:...
PT-2024-15878 · WordPress · Instant Images – One Click Image Uploads
Name of the Vulnerable Software and Affected Versions: The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress versions prior to 6.1.1 Description: The issue allows unauthorized arbitrary options update due to an insufficient check that...
Instant Images < 6.1.1 - Author+ Arbitrary Options Update
Description The plugin is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint, allowing authors and higher to update arbitrary options...
CVE-2023-6278
CVE-2023-6278 affects the Biteship for WooCommerce WordPress plugin prior to 2.2.25. The issue is a reflected XSS caused by unsanitized and unescaped biteship_error and biteship_message parameters, displayed back on the page and exploitable against high-privilege admins. Remediation: upgrade to v...
PT-2024-14922 · WordPress · Ongkos Kirim Kurir Instant
Name of the Vulnerable Software and Affected Versions: The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin versions prior to 2.2.25 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the biteship error and biteship message...
CVE-2023-51422
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings |...
CVE-2023-49767
CVE-2023-49767 affects WordPress plugin Biteship (Ongkos Kirim Kurir Instant, Reguler, Kargo). A Stored XSS vulnerability exists in versions up to 2.2.24 (patched in 2.2.28). Exploitation requires authenticated access by Shop Manager or higher, enabling stored script execution via plugin settings...
WordPress Plugin Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Biteship:...